As fraudsters have become more sophisticated in conducting fraudulent transactions, banks and other organizations impacted by fraud have sought to improve systems that assess transaction risk prior to completing a transaction.
Many different forms of financial transactions can be conducted fraudulently, such as paper checks, ACH and other electronic credits/debits to bank accounts, wire transfers from one account to another, and person-to-person (P2P) payments.
Most systems for detecting fraudulent transactions typically look at only one party to the transaction and may have limited risk data available. For example, in traditional paper check transactions, a bank receiving a check for deposit and wanting to assess counterfeit risk may look only at the identified payer (e.g., to determine if the identified check writer has a name or an account that appears on a list of names or accounts associated with past counterfeit activity). This does little to reduce risk unless the check is from a known counterfeiter. In other cases, a bank may only look at the payee, for example, when a check is being deposited to a payee account. The bank may check to see if the account holder/payee appears on lists of people or accounts associated with past account abuse or fraud. This may provide little protection to an honest account holder, who may be the victim of fraud and does not know when a check may have come from someone engaged in fraud.
It has been difficult for banks to conduct a comprehensive risk analysis of a transaction involving an assessment of both the payer and the payee, either one of which may be a victim of fraud or a perpetrator of fraud. The bank may only have useful information on one party to the transaction (its own customer having an account at that bank) and information on the other party may be very limited.
This problem may be particularly difficult in the case of a person-to-person (P2P) payment or similar electronic payment transfers, where a bank may receive authorization from an account holder (through a P2P payment system) to withdraw money from a payer account at the bank and send the money to a P2P system, where it is subsequently forwarded to a payee. A bank receiving such an authorization has little, if any, information on the ultimate payee. The P2P payment system processing the payment may have information on the payer/sender by virtue of a payment account set up with the P2P system (with personal information on the payer/sender, including bank accounts from which payment transfers are to be funded), but unless the payee/receiver also has a payment account with the same P2P system, the P2P system may have no information on the payee/receiver, other than perhaps an email address or phone number for use in notifying the payee that money is available through the payment system.
There is thus arisen a need for systems having better and more comprehensive evaluation of available data to determine whether a transaction involves fraud or other financial risk.